I am integrating slack-interactive button with jenkins-generic-webhook-plugin to trigger jenkins job on button action by adding jenkins webhook url in slack's interactive response url. Issue is jenkins-generic-webhook-plugin is not parsing requestBody sents by slack.
jenkins-generic-webhook-plugin supports payload request body only if the content-Type of invoke api is application/json,
But slack sends the payload with content-type as application/x-www-form-urlencoded.
Is there a way by which either
jenkins-generic-webhook-plugin will work with content-type as application/x-www-form-urlencoded
or
slack interactive message response payload will send with content-Type as application/json,
Related
Using Postman I'm trying to test my Rails endpoint which is receiving a webhook request. Client attached one important information inside of payload headers (instructions are below):
The HMAC is created with the HMAC-SHA256 algorithm using your shared secret, then encoded in base64.
The HMAC is attached to the callback request in the X-NorthRow-Signature header.
To test my App I need to attach X-NorthRow-Signature inside of headers, like below:
But when I tried to get in to this headers via console it's nil
[2] pry(#<Webhooks::Northrow::ReceiveWebhookController>)> headers['X-NorthRow-Signature']
=> nil
What did I missed?
I want to use HTTP basic authentication to password protect the status callback endpoint for programmable sms. On the initial request from Twilio, which does not have a Authorization header, I send back a status code of 401 with the WWW-Authenticate header set to "Basic realm='some realm'". However I do not receive a following request from Twilio with Authorization header.
refer: https://www.twilio.com/docs/usage/security#http-authentication
// Send sms with status callback
const details = await client.messages
.create({
body: 'This is the ship that made the Kessel Run in fourteen parsecs?',
from: 'TEST',
to: '......',
statusCallback: `https://user123:pass123#foo.com/status`
})
// Lambda response headers from logs
Method response headers: {WWW-Authenticate=Basic realm='Validate twilio request', Content-Type=application/xml}
Note: The reason as to why basic authentication is needed is to validate the authenticity of the request using the provided username and password. I am not using the X-Twilio-Signature HTTP header as I do not have access to the auth token to validate the request and am using api keys to make requests.
I tested with Ngrok (w/authentication enabled) with Twilio statusCallback basic authentication configured and it works. Try modifying your response headers to see if that changes anything.
Ngrok returns the below response headers:
HTTP/1.1 401 Unauthorized
Content-Length: 20
Content-Type: text/plain
Www-Authenticate: Basic realm="ngrok"
#Alan's answer lead me to investigate further on the headers returned by API Gateway. The 'WWW-Authenticate' headers that the lambda returned had been remapped by API Gateway (learn more here: https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-known-issues.html)
The solution was to implement a lambda authorizer to intercept the request and do the necessary authentication i.e check for the Authorization header. The lambda authorizer then allows or denies the request from passing on to the lambda method.
I need to trigger Twilio Flow Rest API via a webhook that freshdesk have on the automation feature.
Twilio Flow
I configure the automation with webhook service: https://webhook.site and i received the data.
Freshdesk Automation Webhook configuration
When I use POSTMAN to trigger the flow it works perfectly.
POSTMAN TWILIO
Based on your screenshots, you are sending the data differently to Twilio with each approach.
The Freshdesk example is sending application/json but Postman (which you indicated works) is using form-data.Try selecting X-FORM-URLENCODED on the Freshdesk side.
Creating or Updating Resources with the HTTP POST and PUT Methods
"Creating or updating a resource involves performing an HTTP PUT or HTTP POST to a resource URI. In the PUT or POST, you represent the properties of the object you wish to update as form urlencoded key/value pairs. Don't worry, this is already the way browsers encode POSTs by default. But be sure to set the HTTP Content-Type header to "application/x-www-form-urlencoded" for your requests if you are writing your own client."
As per https://www.twilio.com/docs/api/security, Twilio should be including a "X-Twilio-Signature" header in requests sent to https addresses. However, the request sent to my application does not include such a header.
Please see the screenshot of the request details from Twilio's debugger page
As Devin Rader pointed out, the Twilio debugger was showing the response headers sent from my server, rather than the request headers sent to my server. The actual request sent to my server contained a header called "HTTP_X_TWILIO_SIGNATURE".
SimpMessageSendingOperations.convertAndSendToUser accepts MessagePostProcessor as the 4th parameter, but I cannot get message-id header from the callback.
Is there a way to get the message-id header sending to client on server side?